X
Originally published in 2022, Atlas Cloud’s recruitment industry cyber audit has returned for its second year.
Featured in…
Pete Watson
CEO, Atlas Cloud
“We’re all bound by the GDPR, which the UK adopted post-Brexit, to protect personal data. Directors often delegate cyber risks yet are the ones answering the ICO if anything ever happens – we need to break this dichotomy.
“Since our study last year, we’ve had a real-world reminder of what happens when candidate information unlawfully gets into the wrong hands. Costs spiral the moment you inform affected candidates, as you’re duly bound to do. From direct costs like candidate compensation claims to indirect costs like clients, candidates – eventually – consultants preferring to work with agencies without tainted reputations.”
“On the face of it, you think your own employees are smart enough to detect spoofing and therefore write off the need for specialised protection. But you’re devaluing the power of social engineering.
“Sure, catch-all attempts will be ignored by your employees but criminals are far more sophisticated these days, especially when they can earn so much. They’ll typically look to find out key information in advance from other employees, like who the company banks with and what days it makes pay runs. Then use this information in the phishing attempt.
“So, when you get an email request from the CEO containing information only known internally, you tend not to question it. It costs thousands.”
Pete Watson
CEO, Atlas Cloud
Pete Watson
CEO, Atlas Cloud
“It’s great to see our research from last year may have been making an impact.
“Directors looking to take a more hands-on approach should start with a simple third-party cyber audit or consider running the agency through the Government-backed Cyber Essentials scheme.”
“These are often simple fixes, like keeping your website’s content management system up-to-date.”
“Given the ease of solution, it’s a risk no agency leader should accept.”
Pete Watson
CEO, Atlas Cloud
“I’m delighted to see our groundbreaking industry research return for a second year running.
"We’re already seeing positive steps by the industry de-risking, but it doesn’t take a cyber expert to realise that more can and should be done.”
/ When was the last time you reviewed cyber insights?
4 in 5
…of boards or senior management within UK businesses rate cyber security as a ‘very high’ or ‘fairly high’ priority.
39%
…of UK businesses have identified a cyber-attack within the last 12 months.
Official UK Gov. statistics from the NCSC
As UK-based APSCo members are included in the study, relevant representatives are entitled to review the results relevant to their organisation for a limited time.
Reports are automated but, due to the nature of the content, we will be validating that requesting individuals are representatives of the organisation they’re wishing to review.
All of the information we have surfaced is publically available. It’s typically the data criminals will first review before deciding whether to form an attack, so a key first line of defence to get in order.
This is an automated cyber audit that has been compiled by Atlas Cloud to help the recruitment industry learn more about risk.
You are free to use this information however you wish – hopefully, it will inform your Risk Register and help you make more informed decisions about whether your cyber risks need to be addressed.
No matter what solutions you have in place, cyber risks build up over time. The Data Protection Act (2018) states agencies must take reasonable steps to protect any personal data, ensuring security “against unlawful or unauthorised access”.
If your risks are exploited and candidate information is accessed without authorisation, you face ani nvestigation from the Information Commissioner’s Office (ICO). They can fine up to £8.7 million or 2% of turnover, whichever is greater.
Our latest case study summarises the known events from a breach at Acorn Recruitment.
In it, candidate data was stolen and the agency had to deal with compensation claims. We also found law firms offering ‘no win, no fee’ services for the specific event.
The simple answer is this: If you have an IT solution in place, it doesn’t necessarily mean you have your cyber security risks taken care of.
When you buy or implement an IT solution, it should obviously be secure. However, as time passes, security risks creep in that need to be periodically assessed and considered.
© Atlas Cloud Limited 2023, registered number: 07297347
3rd Floor, Maybrook House, 27 Grainger Street, Newcastle upon Tyne, NE1 5JE
Our recent, nationwide research shows what can be learnt from working during lockdown. Download the report today.